ATM networks may be easier to secure, thanks to a new ATM Forum-blessed security specification.
At the ATM Forum's December meeting, the group firmed up 11 new ATM standards, which included the ATM Security Specification v1.0. The security specification, which has been in the works for about two years, defines how to set up authentication, confidentiality and access control on ATM networks.
User authentication can be based on Public-Key Infrastructure or a previously agreed upon security key, said Richard Graveman, chair of the ATM Forum's Security Working Group.
The specification enforces data integrity by adding cryptography at the ATM adaptation layer, which allows recipients to detect any modifications to or replays of old data. The feature is especially useful when handling constantly changing financial data, Graveman said. To ensure confidentiality, the specification states that each ATM payload be encrypted and the access control parameters be based on the Department of Defense's ATM network access control guidelines.
Today, vendors implement proprietary security features that can end interoperability problems amongst multivendor ATM equipment.
The group also finished working on two important specifications that detail how to support voice over ATM in a WAN and how to set-up ATM network addresses. The two specifications are the ATM Trunking Using AAL2 for Narrowband Service and the ATM Forum Addressing Reference Guide.